Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
I'm having all sorts of problems with a hijacked homepage. I have run several spyware and hijack programs and have more or less isolated the problem. But none of these antivirus and spyware programs have been able to remove it. It appears to reside in a host file which I can't even delete manually so here I am asking for help I have attached the hijack file
Logfile of HijackThis v1.99.1
Scan saved at 2:48:04 p.m., on 17/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender
Communicator\xcommsvr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINNT\system32\mapiicon.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sid Lawson\Local
Settings\Temp\wzc2e0\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.haol23.net/?a42
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 202.109.114.142 survey88.allyes.com
O1 - Hosts: 202.109.114.142 adtaobao.allyes.com
O1 - Hosts: 202.109.114.142 code.qihoo.com
O1 - Hosts: 202.109.114.142 union.mop.com
O1 - Hosts: 202.109.114.142 js.kkunion.com
O1 - Hosts: 202.109.114.142 v.kkunion.com
O1 - Hosts: 202.109.114.142 v.21cn.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 ivr.dobig.net
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 img.zhangxiu.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 mmssend.moyu.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 202.109.114.142 cm.p4p.cn.yahoo.com
O1 - Hosts: 202.109.114.142 un.265.com
O1 - Hosts: 202.109.114.142 union.qq.com
O1 - Hosts: 202.109.114.142 view.aliunion.cn.yahoo.com
O1 - Hosts: 202.109.114.142 union.narrowad.com
O1 - Hosts: 202.109.114.142 ln.heima8.com
O1 - Hosts: 202.109.114.142 www.fboat.cn
O1 - Hosts: 202.109.114.142 cpro.baidu.com
O1 - Hosts: 202.109.114.142 unstat.baidu.com
O1 - Hosts: 202.109.114.142 y.cnxad.com
O1 - Hosts: 202.109.114.142 www.ewowo.com
O1 - Hosts: 202.109.114.142 template.union.163.com
O1 - Hosts: 202.109.114.142 new.is686.com
O1 - Hosts: 202.109.114.142 creative.unionsys.bolaa.com
O1 - Hosts: 202.109.114.142 www.qyule.com
O1 - Hosts: 202.109.114.142 99e.cc
O1 - Hosts: 202.109.114.142 www.91ivr.com
O1 - Hosts: 202.109.114.142 mg.ukaka.com
O1 - Hosts: 202.109.114.142 kooxoo2.ad4all.net
O1 - Hosts: 202.109.114.142 www.8fff.com
O1 - Hosts: 202.109.114.142 union.pomoho.com
O1 - Hosts: 202.109.114.142 202.107.233.211
O1 - Hosts: 202.109.114.142 www.end123.com
O1 - Hosts: 202.109.114.142 w1.7clink.com
O1 - Hosts: 202.109.114.142 w2.7clink.com
O1 - Hosts: 202.109.114.142 union01.com
O1 - Hosts: 202.109.114.142 click.8le8le.com
O1 - Hosts: 202.109.114.142 stbanner.allyes.com
O1 - Hosts: 202.109.114.142 mms1.moyu.com
O1 - Hosts: 202.109.114.142 u.moyu.com
O1 - Hosts: 202.109.114.142 mmsu.moyu.com
O1 - Hosts: 202.109.114.142 show.moyu.com
O1 - Hosts: 202.109.114.142 ivrsend.moyu.com
O1 - Hosts: 202.109.114.142 ivru.moyu.com
O1 - Hosts: 202.109.114.142 ivr1.moyu.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program
Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BDMCon] "C:\Program
Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program
Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common
Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program
Selector\2.0\ACROMAPP.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter
4.6\THGuard.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware
Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser
Hijack Retaliator 4.5\BHR.exe
O4 - Startup: ADSL Diagnostic Tools.LNK =
C:\WINNT\system32\mapiicon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.micros...en/x86/client/w
uweb_site.cab?1178156384703
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129
208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129
208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129
208.67.222.222
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe"
/service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown
owner - C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero
BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC
Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner -
C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file
missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -
C:\Program Files\Common Files\Softwin\BitDefender
Communicator\xcommsvr.exe" /service (file missing)
any help at all will be much appreciated Thanks in advance
Syd
Please turn Word Wrap off in Notepad
If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
